The latest security information on Intel® products.

Announcement ID:

2024-08-14-001

Issue:

On August 10, 2024 researchers from IOActive delivered a talk at the Defcon conference titled “AMD Sinkclose: Universal Ring -2 Privilege Escalation.” The IOActive researchers discovered a vulnerability in System Management Mode (SMM) on AMD products that allowed them to disable normal SMM security. This type of issue could potentially allow the low-level compromise of a system that is persistent and undetectable.

Intel customers have inquired if Intel® products are affected by this issue. Intel products are not affected by Sinkclose. Intel recognized this space as a potential target for researchers and attackers over a decade ago and has implemented proactive product security assurance and security hardening efforts to safeguard our products.

This is a testament to Intel’s industry leadership in product security assurance highlighted in the 2024 study by ABI Research. Read more at https://intel.com/security. 

Additional Resources:

VIDEO: Proactive product security assurance avoids Sinkclose | Chips & Salsa | Intel: https://youtu.be/UndZ_GGTiDU?si=3O3OPjN4iVnX_2rQ

In this episode, Jerry and CRob talk to Intel experts Christopher Domas (finder of Sinkhole in 2015) and Burzin Daruwala about Intel's proactive product security assurance and security hardening efforts around System Management Mode (SMM) over more than a decade. Christopher and Burzin tell us how tools like ChipSEC help ensure the proper security configurations are in place and how ongoing offensive security research helps to keep Intel products safe.

Other Resources:

CHIPSEC: https://github.com/chipsec/chipsec

Trusted SMM on the Intel vPro(R) Platform: https://www.intel.com/content/dam/www/central-libraries/us/en/documents/drtm-based-computing-whitepaper.pdf

IOActive Cross Platform Feature Comparison: https://ioactive.com/intel-commission-whitepaper-by-ioactive-research-on-intel-amd-cross-platform-comparison-of-security-related-technologies/